此站点无法提供安全连接xxxxxxxx使用不受支持的协议 - WCF自托管 [英] This site can't provide a secure connection xxxxxxxx uses an unsupported protocol - WCF self host

问题描述

我们有一个公开的WCF主机服务localhost端口9200上的[WebGet]方法。我们试图从javascript代码中使用它。它适用于IE11和Chrome v65。升级到chrome v68后，我开始收到以下错误

 

"此站点无法提供安全连接xxxxxxx使用不支持的协议。

ERR_SSL_VERSION_OR_CIPHER_ MISMATCH.Unsupported协议的 的

客户端和服务器不支持通用的SSL协议版本或密码套件。"

 

v68以上的任何版本的chrome都会出现同样的错误。

我已粘贴我的c＃代码

 

**服务合同**

 

 

 

[WebGet(UriTemplate = "hello", ResponseFormat = WebMessageFormat.Json)]
[OperationContract]
string HelloWorld();

 

** appconfig **

 

       

       

<configuration>        <startup>        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.1" />      </startup>      <system.serviceModel>        <services>          <service name="SelfHostRestService.Service" behaviorConfiguration="ServiceBehavior">            <endpoint address=""                      bindingConfiguration="restBinding"                      binding="webHttpBinding"                      contract="Contracts.IService"                      behaviorConfiguration="webBehavior"/>          </service>        
</services>        
<behaviors>          
<serviceBehaviors>            
<behavior name="ServiceBehavior">                   
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />                       
<serviceDebug includeExceptionDetailInFaults="true" />              
<dataContractSerializer maxItemsInObjectGraph="6553600" />              
<serviceThrottling maxConcurrentCalls="20" maxConcurrentSessions="40" maxConcurrentInstances="2147483647" />            </behavior>          
</serviceBehaviors>          
<endpointBehaviors>            
<behavior name="webBehavior">              
<webHttp />            
</behavior>          
</endpointBehaviors>        
</behaviors>        
<bindings>          
<webHttpBinding>            
<binding name="restBinding" crossDomainScriptAccessEnabled="true">              <security mode="Transport">                
<transport clientCredentialType="None"/>              </security>            
</binding>          
</webHttpBinding>        
</bindings>      
</system.serviceModel>    
</configuration>

 

**服务托管** < span style ="text-decoration：underline">

 

   

   

Uri netTcpAdddress = new Uri("https://Example.com:9200");
ServiceHost wHostV2 = new ServiceHost(typeof(Service), netTcpAdddress);
X509Certificate2 certificate = new X509Certificate2(System.Environment.CurrentDirectory + "\\" + "Example.pfx", "password");                    wHostV2.Credentials.ServiceCertificate.Certificate = certificate;
wHostV2.Open();
Console.WriteLine("Service is up and running");
Console.WriteLine("Press enter to quit ");
Console.ReadLine();
wHostV2.Close();

 

经过我的分析，看起来我的服务只运行在SSL& TLS 1.0上。以下是我的NMAP扫描结果

 

   

   

9200/tcp open  ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|       Ciphersuite uses MD5 for message integrity
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|_  least strength: C

 

我尝试将我的.net框架升级到4.7，如下面的博客所示没有工作..

https://docs.microsoft.com/en- us / dotnet / framework / migration- 指南/retargeting/4.6.2-4.7

 

感谢任何帮助。

Any help is appreciated.

推荐答案

嗨Remya J，

On我的方面，我使用以下命令将SSL证书绑定到端口，它就像一个魅力。

Hi Remya J,
On my side, I use the following command to binding the SSL cert to the port and it works like a charm.

netsh http add sslcert port=0.0.0.0:9201 certhash=6e48c590717cb2c61da97346d5901b260e983850 appid={61466809-CD17-4E31-B87B-E89B003FABFA}

certhash参数指定证书的指纹。

appid位于Project.csproj文件。

certhash parameter specifies the thumbprint of the certificate.
The appid is inside of the Project.csproj file.

<ProjectGuid>{56FDE5B9-3821-49DB-82D3-9DCE376D950A}</ProjectGuid>

以下是官方文件，希望对您有用。

https://docs.microsoft.com/en-us/windows/desktop/http/add-sslcert

https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate

如果有任何我可以提供的帮助，请随时告诉我。

最好的问候

Abraham

Here is the official document, wish it is useful to you.
https://docs.microsoft.com/en-us/windows/desktop/http/add-sslcert
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
Feel free to let me know if there is anything I can help with.
Best Regards
Abraham

这篇关于此站点无法提供安全连接xxxxxxxx使用不受支持的协议 - WCF自托管的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！